pfSense hardware

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,176
One of the pfsense devs posted some throughput numbers on reddit that may shed some light on what it's capable of with certain hardware.
https://www.reddit.com/r/PFSENSE/comments/3xqhqo/thinking_of_switching_to_pfsense/cy7evhu
Oh, finally some data that isn't the ancient "GHz-class processor" list they used to have. It looked straight out of 2004.

Edit: I see that they now have a Xeon-D appliance, besides the Avoton models. It's a bit disappointing to see all the Avotons end up with very similar OpenVPN performance, given the massive price difference between them. Xeon-D crushes them all - no wonder every big cloud/big whatever/insert catchphrase of the day company has been gobbling up Xeon-D.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
They're all similar due to the single threaded limitation of OpenVPN. At least that's what's reported on the pfsense forums. IPsec seems to be recommended to overcome this limitation.

PPPoE seems to be another problem reported with limited bandwidth as well regardless of hardware. Just some stuff I've read over there, I'm not knowledgeable enough to comment further.

I still wouldn't give up my pfsense for nothin, I love it.
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
So for those of you using pfsense, are you using snort and/or suricata? I'm currently using a Ubiquiti Edge Router lite and am considering switching, but I'm wondering what those plugins will do to my hardware selection.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
So for those of you using pfsense, are you using snort and/or suricata? I'm currently using a Ubiquiti Edge Router lite and am considering switching, but I'm wondering what those plugins will do to my hardware selection.
I prefer Sophos over pfsense for the filtering, etc
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
Do you use it in conjunction with pfsense? or in lieu of?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Running Snort and pfblockerNG on WAN with alerts enabled on LAN. Also running dynDNS for 2 sub domains. Been running like this for almost a year now without issue.

Do know that Snort takes a bit of maintenance to get and keep running. It's not a set and forget package. You have to weed out the false positives before it is effective as an IPS. I ran it for about 3 weeks before I turned the blocking function on and I've still had to monitor it for false positives since as it will block things you use. Since the blocking has been on I haven't had to remove a single instance of malware on my Windows desktop.

Just my .02
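
Added example, not part of the post above: one way to work through the alert-only period it describes is to summarise which signatures keep firing on traffic involving LAN hosts, since those are the ones that would cut off things you use once blocking is on. It assumes Snort 2.x "fast" alert lines and a 192.168.1.0/24 LAN; the log lines, SIDs and the `triage` helper are constructed for illustration, and the pfSense package's own log layout may differ.

```python
import ipaddress
import re
from collections import defaultdict

# Snort 2.x "fast" alert: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample lines (local-range SIDs, documentation addresses).
SAMPLE_LOG = """\
01/04-09:12:01.100001  [**] [1:1000001:1] EXAMPLE software update check [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50111 -> 203.0.113.10:80
01/04-09:15:44.220304  [**] [1:1000001:1] EXAMPLE software update check [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.21:50733 -> 203.0.113.10:80
01/04-10:02:09.000410  [**] [1:1000002:1] EXAMPLE inbound probe [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:40100 -> 192.168.1.20:22
01/04-10:30:00.500000  [**] [1:1000003:1] EXAMPLE scan of WAN address [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.9:40200 -> 203.0.113.50:23
01/04-10:30:01.500000  [**] [1:1000003:1] EXAMPLE scan of WAN address [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.9:40201 -> 203.0.113.50:23
01/04-10:30:02.500000  [**] [1:1000003:1] EXAMPLE scan of WAN address [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.9:40202 -> 203.0.113.50:23
01/04-11:12:01.100001  [**] [1:1000001:1] EXAMPLE software update check [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50999 -> 203.0.113.10:80
"""

def triage(log_text, lan="192.168.1.0/24", min_hits=3):
    """Return signatures to review before enabling blocking, busiest first.

    A signature is listed when it fired at least min_hits times and at least
    one side of the flow was a LAN host (blocking on it would hit that host).
    """
    lan_net = ipaddress.ip_network(lan)
    stats = defaultdict(lambda: {"msg": "", "hits": 0, "lan_hosts": set()})
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line in the assumed format
        entry = stats[(int(m["gid"]), int(m["sid"]))]
        entry["msg"] = m["msg"]
        entry["hits"] += 1
        for addr in (m["src"], m["dst"]):
            if ipaddress.ip_address(addr) in lan_net:
                entry["lan_hosts"].add(addr)
    review = [
        (key, e["hits"], sorted(e["lan_hosts"]), e["msg"])
        for key, e in stats.items()
        if e["hits"] >= min_hits and e["lan_hosts"]
    ]
    return sorted(review, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for (gid, sid), hits, hosts, msg in triage(SAMPLE_LOG):
        print(f"{gid}:{sid} hits={hits} lan_hosts={hosts} msg={msg}")
```

The output is a review list, not a verdict: each listed signature still has to be checked against what the named LAN hosts were actually doing before it is suppressed or left to block.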
 
Joined
Jan 9, 2015
Messages
430
So for those of you using pfsense, are you using snort and/or suricata? I'm currently using a Ubiquiti Edge Router lite and am considering switching, but I'm wondering what those plugins will do to my hardware selection.
I run snort on pfsense, along with squid and HAVP. It all runs fine on the modest hardware I have. I'm still running 2.0 though. I'm not sure how much the new versions may differ.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
What, do you just run around opening every executable you find online?

No but there are 2 other people in this household and both of them repel technology ;)
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
So, liking pfsense enough so far to consider replacing my dd-wrt setup and perhaps even upgrading to a better AP solution to complement it.

Been looking at the Ubiquiti UAP‑AC‑PRO and was wondering if anyone is using this with pfsense? If so, what kinda coverage is to be expected? My house has 3 floors and currently, I actually have hardwired APs (DLink DIR-825 with DD-WRT in AP mode) on each floor. Not sure if I could get away with just using one of the Ubiquiti UAP‑AC‑PRO...
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
You don't use them "with pfSense". They're just totally different things, despite "home router" manufacturers typically trying to mash all the functionality together in a single package.

I haven't gotten around to upgrading to the latest Ubiquiti AP's yet. The early AC units were a bit of an overheat-y train wreck, and since we favor hardwire connections around here, the UAP-Pro's have been very sufficient until now. The older Pro's have fairly reasonable range, but if you want to get better speeds, you should plan on multiple units.

Depending on the design of your "three floor" house, you probably don't want a unit on each floor, as much as you'd want a unit nearer each end of the house on the top floor, and maybe one on the bottom floor. Of course, you don't have to get that aggressive right away. One of the nice things about a true access point solution is that you can get the single AP and *try* it, and then add additional coverage if it is discovered to be needed.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
You don't use them "with pfSense"
Agreed, I just noticed some mention of a possible pfsense package for Ubiquiti Unifi. Not sure if I want to invest into this yet anyways since there is not really any major complaint regarding WiFi (except for a single dead spot that could be taken care of pretty easily). If I really thought about it, it would be mostly for aesthetic purposes anyways (my APs are at ends of the levels right now).
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Then just keep it on the back burner for when you do eventually want or need to spend the money. By then maybe they'll have Wifi AC-XXXL standardized to do 100Gbps and you won't waste money on some lesser standard.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,176
By then maybe they'll have Wifi AC-XXXL standardized to do 100Gbps and you won't waste money on some lesser standard.
And it'll still be slower than GbE in any realistic scenario, judging by what's been happening in the WiFi market. :D
 
Joined
Mar 6, 2014
Messages
686

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
You'll get a better response in the Hardware or Installation and Upgrades section.

Personally I'd bridge that modem and run it. Very few people with similar hardware have reported the problem you're having and I bet it's due to your somewhat obscure installation setup you have right now.
 